It's also a constraint setting problem. No one deploying software with log4j would've said "yeah, the logging system should be able to reach
any IP address at all if asked to by external input."
But we lack a decent way to express that sort of data flow constraint when deploying software.